[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP

(cherry picked from commit 7b0549cd70)
(cherry picked from commit 13e10a65d9)
(cherry picked from commit 65bdd73cf2)
(cherry picked from commit 64eba8bb92)
(cherry picked from commit 4c49b1a759)
(cherry picked from commit 93b4d06406)
(cherry picked from commit e2bc5f36d9)
(cherry picked from commit 2bee76f9df)
(cherry picked from commit 3d8a1b4a9f)
(cherry picked from commit 99dd092cd0)

modules/context/api.go

@@ -188,13 +188,20 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
 	}
 }
 
+func getOtpHeader(header http.Header) string {
+	otpHeader := header.Get("X-Gitea-OTP")
+	if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
+		otpHeader = forgejoHeader
+	}
+	return otpHeader
+}
+
 // CheckForOTP validates OTP
 func (ctx *APIContext) CheckForOTP() {
 	if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
 		return // Skip 2FA
 	}
 
-	otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
 	twofa, err := auth.GetTwoFactorByUID(ctx.Context.Doer.ID)
 	if err != nil {
 		if auth.IsErrTwoFactorNotEnrolled(err) {
@@ -203,7 +210,7 @@ func (ctx *APIContext) CheckForOTP() {
 		ctx.Context.Error(http.StatusInternalServerError)
 		return
 	}
-	ok, err := twofa.ValidateTOTP(otpHeader)
+	ok, err := twofa.ValidateTOTP(getOtpHeader(ctx.Req.Header))
 	if err != nil {
 		ctx.Context.Error(http.StatusInternalServerError)
 		return

modules/context/api_forgejo_test.go

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: MIT
+
+package context
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetOtpHeader(t *testing.T) {
+	header := http.Header{}
+	assert.EqualValues(t, "", getOtpHeader(header))
+	// Gitea
+	giteaOtp := "123456"
+	header.Set("X-Gitea-OTP", giteaOtp)
+	assert.EqualValues(t, giteaOtp, getOtpHeader(header))
+	// Forgejo has precedence
+	forgejoOtp := "abcdef"
+	header.Set("X-Forgejo-OTP", forgejoOtp)
+	assert.EqualValues(t, forgejoOtp, getOtpHeader(header))
+}